Experts have started warning users whose Apple UDIDs may have ended up online as a result of the latest incident to be on the lookout for shady service and websites. Cybercriminals are taking advantage of the unfortunate event to launch their campaigns.
AntiSec hackers have stolen
around 12 million UDIDs, along with some personal information. The source of the data leak might be
the Federal Bureau of Investigations (FBI), or it might be
a company called BlueToad.
In any case, if you suspect that your UDID might have ended up online and you want to verify this, you must be careful where you look for it.
Searching for the names of the files obtained by the hackers - NCFTA_iOS_devices_intel.csv
– can get you on all sorts of suspicious websites. For instance, McAfee researchers have found that the first file shows up on various BitTorrent sites.
The files don’t contain the leaked information, but instead, they carry malicious elements such as Artemis!16D937DB87E4.
McAfee experts aren’t the only ones concerned
with the fact that many searches for the UDIDs point to suspicious websites. Researchers from Solutionary have also issued a similar warning.
“If you want to find out if your UDID was one of the ones released, be careful. There are many scams designed to get you to enter your UDID for a search. Don’t do that,” Jon Heimerl of Solutionary wrote
“Some of these are designed just to capture your UDID. If you really want to know, download the list and search, or find an https: link that will allow you to search with a partial UDID.”
Heimerl also reinforces the fact that organizations should realize the immediate threat and ensure that their systems are properly protected.
“Organizations need to continue understanding that they are being targeted, and need to protect their information with appropriate due care. These are not just words. ‘Good practice’ and ‘due care’ should mean something about the way you run your security program,” he explained.